Sunday, December 8, 2019
Guide to Industrial Control System Security Free Sample
Question: Discuss Industrial Control System Security.

Answer:

Introduction

The term Industrial Control System (ICS) refers to a large number of control systems that are used to assist industrial production operations. Distributed control systems (DCS), supervisory control and data acquisition (SCADA) systems and other programmable control systems are generally regarded as essential components of an Industrial Control System.

This report is aimed at providing the management of Pure Land Wastewater Treatment Inc with information about those technological systems whose inclusion would help improve the security level of the industrial control system currently used by the organization.

Current state description

Established in 2001, Pure Land Wastewater Treatment Inc is an organization with significant experience in various aspects of wastewater treatment, besides being one of the best-known names in the biological fermentation and chemical manufacturing industries.

The following diagram depicts the existing industrial control system that Pure Land Wastewater Treatment Inc uses on a day-to-day basis:

Figure 1: The existing industrial control system of Pure Land Wastewater Treatment Inc (Source: Reissman, 2014, p. 9)

As depicted in the diagram, the existing industrial control system can be subdivided into four sections: the Business LAN, the supervisory network, the control system and the field system. The following section of the report provides a brief description of these subsystems:

The Business LAN

The employees of the organization have access to this section of the network. A web server caters to the requests made by the employees, and the business service applications can be connected to the internet (Reissman, 2014). However, this particular connection is protected by a firewall.

The supervisory network

The supervisory control and data acquisition (SCADA) system remotely monitors and controls the operational functions of the organization.

The control system

Human machine interfaces and the Inter-Control Center Communications Protocol (ICCP) are used to manage the exchange of information between the control system, the field system and the other facilities of the organization (Reissman, 2014).

The field system

The wastewater treatment process and the sanitizer feed tank or the COI are remotely controlled by the process control vendor support systems. The internet is used to establish this communication link.

Overview of network weaknesses

On detailed examination of the existing ICS network, the following weaknesses were identified:

- The employees of the organization are able to connect to the internet, and an internal firewall has been set up to enhance the security level of this section of the ICS (Peng et al., 2012). However, all the business services use this particular LAN connection, so it should have been protected with an external firewall and an Intrusion Detection and Prevention system, neither of which exists at this point in time.
- The other sections of the ICS are not protected by any security system and are thus vulnerable to a wide range of cyber attacks.
- The ICCP protocol is used to maintain communication between the control system, the field system and the other facilities of the organization. However, even these communication links are not protected by any security system (Estevez & Marcos, 2012).
- Last but not least, third-party vendors have access to the sanitizer feed tank and the wastewater treatment facilities through unprotected, internet-based communication channels.

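The weaknesses listed above can be checked mechanically against a zone-and-conduit model of the network. The following is an added example, not part of the original report: the zone names, the order in which the sections are chained, and the `filtered` flag are assumptions constructed from the description in this section. It counts the fewest enforcement points (firewalls or authenticated gateways) that traffic from the internet must cross to reach each section.

```python
import heapq

# Constructed model of the network as the report describes it (assumed
# adjacency). Each conduit is (zone_a, zone_b, filtered); filtered=True
# means a firewall or authenticated gateway enforces policy on that link.
CURRENT = [
    ("internet", "business_lan", True),      # the one existing firewall
    ("business_lan", "supervisory", False),  # no protection between sections
    ("supervisory", "control", False),
    ("control", "field", False),             # ICCP link, unprotected
    ("internet", "field", False),            # vendor remote access channel
]
# Hypothetical hardened variant: every conduit passes an enforcement point.
HARDENED = [(a, b, True) for a, b, _ in CURRENT]


def exposure(conduits, source="internet"):
    """Return {zone: fewest enforcement points crossed from source}."""
    graph = {}
    for a, b, filtered in conduits:
        graph.setdefault(a, []).append((b, int(filtered)))
        graph.setdefault(b, []).append((a, int(filtered)))
    best = {source: 0}
    queue = [(0, source)]
    while queue:  # Dijkstra with edge weight 1 for filtered, 0 otherwise
        cost, zone = heapq.heappop(queue)
        if cost > best[zone]:
            continue  # stale queue entry
        for nxt, weight in graph.get(zone, []):
            if cost + weight < best.get(nxt, float("inf")):
                best[nxt] = cost + weight
                heapq.heappush(queue, (best[nxt], nxt))
    del best[source]
    return best


def unprotected_zones(conduits, source="internet"):
    """Zones reachable from source without crossing any enforcement point."""
    return sorted(z for z, n in exposure(conduits, source).items() if n == 0)


if __name__ == "__main__":
    for name, model in (("current", CURRENT), ("hardened", HARDENED)):
        print(name, exposure(model), unprotected_zones(model))
```

In the current model the unfiltered vendor channel makes every section, including the Business LAN behind its firewall, reachable with zero enforcement points, because the internal links between sections are also unfiltered.
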
Threats and vulnerabilities associated with the ICS

The following section of the report provides an insight into the cyber security threats and vulnerabilities that are associated with industrial control systems.

| Sl. No | Threat type | Examples of threat |
|---|---|---|
| 1 | Malware infection through intranet or internet sources | 1. Exploitation of zero-day exploits, or of unknown/undetected attacks that have previously been launched on the system (Allianz-fuer-cybersicherheit.de, 2016). 2. Attacks on the external web pages of the organization, launched in the form of cross-site scripting, SQL injection, etc. 3. Limiting the functionality of system components by launching untargeted malware attacks. |
| 2 | Malware attack through external hardware devices and removable media | 1. Executable applications might be embedded with malicious code (Dhs.gov, 2016). 2. USB flash drives used by employees might also be sources of malware attacks (Kaspersky.com, 2016). |
| 3 | Sabotage or human error | 1. Compromising the security of the system by intentional use of unauthorized hardware or software components (Ics-cert.us-cert.gov, 2016). 2. Incorrect configuration of system components. |
| 4 | Intrusion through remote access | 1. Attacks launched on access points that have been created for maintenance purposes (Rooijakkers & Sadiq, 2015). |
| 5 | Attacks on control systems that are connected to the internet | 1. Attacks can be launched on control systems that are connected directly to the internet. |

Understanding of applicable regulations for achieving compliance with CFATS regulations within the plan

In order to achieve compliance with the Chemical Facility Anti-Terrorism Standards (CFATS) regulation, the higher management of Pure Land Wastewater Treatment Inc should abide by the following regulations:

Appendix [A] to the Chemical Facility Anti-Terrorism Standard, Final Rule:

The Appendix [A] to the Chemical Facility Anti-Terrorism Standard, Final Rule, published in November consists of a list of as many as 300 COI or Chemicals of Interest, besides providing each of their Screening Threshold Quantities or STQ (Dhs.gov, 2016).

Organizations that hold any of these Chemicals of Interest at their respective STQ levels or higher need to submit Top Screen reports within a period of 60 days (Rooijakkers & Sadiq, 2015).

Chemical Facility Anti-Terrorism Standards, Interim Final Rule:

The Chemical Facility Anti-Terrorism Standards regulation was published on April 9th, 2007, as the Interim Final Rule, after considering the information available from the individuals operating in the industries that abide by CSAT regulations, companies, trade associations and numerous other entities (Sadiq & McCreight, 2013).

The DHS took the initiative of publishing an appendix that contained a list of several Chemicals of Interest and their corresponding levels, on storage of which an enterprise would have to submit online Top Screen reports to the Department of Homeland Security through the online Chemical Security Assessment or the CSAT (Dhs.gov, 2016).

Desired future state

In the light of the discussion in the above sections of the report, it can be concluded that in order to improve the security level of the ICS and avoid the risks and vulnerabilities to which such systems are frequently exposed, certain changes must be incorporated within the said system.

The desired changes are given in the following list:

- The various sub-parts of the entire network must be isolated from each other by the implementation of VPN solutions and firewalls (both internal and external), such that the attack routes leading to the ICS network can be avoided (Reaves & Morris, 2012).
- Conventional security measures such as antivirus software modules and firewalls need to be implemented at the periphery of each of these sub-networks.
- The internal access for those control processes that lie in the close vicinity of the production environment must be disabled (Galloway & Hancke, 2013).
- Secure authentication procedures must be followed for using the remote access facilities (Ics-cert.us-cert.gov, 2016).

Five areas of cyber-security that need to be improved

The analysis of the diagram of the network used by Pure Land Wastewater Treatment Inc, along with the consideration of the ranked subject areas available in the cyber security assessment report, has led to the identification of the following domains that require improvement:

- Information and documentation management processes need to be incorporated within the existing system, which would enhance the process of securing the enterprise information (Sadiq & McCreight, 2013).
- Firewalls need to be implemented at the peripheries of all the sub-sections of the network.
- Incident response policies have to be implemented (Allianz-fuer-cybersicherheit.de, 2016).
- The techniques currently being used for malware detection and monitoring need to be improved (Reaves & Morris, 2012).
- The processes currently being used for controlling remote access to the ICS need to be secured (Galloway & Hancke, 2013).

Conclusion

The report provides a detailed discussion of the industrial control system that is currently being used by Pure Land Wastewater Treatment Inc. A schematic diagram of the existing network architecture has been provided in the report, based on which the weaknesses of the existing system have been identified. Based on the identified weaknesses, a list of security threats or vulnerabilities has been provided, so as to make the management of the organization aware of the attacks which might be launched against the system.

In order to achieve compliance with the CFATS regulations, Pure Land Wastewater Treatment Inc is required to abide by two DHS regulations, the details of which have been provided in the report. The report also provides insight into some technological aspects that need to be implemented within the ICS. Last but not least, five cyber-security domains have been identified, based on the reports generated by the U.S. Homeland Security Department, which require immediate attention for enhancing the level of security of the ICS.

References

Allianz-fuer-cybersicherheit.de. (2016). Industrial Control System Security. Allianz-fuer-cybersicherheit.de. Retrieved 19 March 2016, from https://www.allianz-fuer-cybersicherheit.de/ACS/DE/_/downloads/BSI-CS_005E.pdf?__blob=publicationFile&v=2

Dhs.gov. (2016). CFATS Covered Chemical Facilities | Homeland Security. Dhs.gov. Retrieved 19 March 2016, from https://www.dhs.gov/cfats-covered-chemical-facilities

Estevez, E., & Marcos, M. (2012). Model-based validation of industrial control systems. Industrial Informatics, IEEE Transactions on, 8(2), 302-310.

Friedland, B. (2012). Control system design: an introduction to state-space methods. Courier Corporation.

Galloway, B., & Hancke, G. P. (2013). Introduction to industrial control networks. Communications Surveys & Tutorials, IEEE, 15(2), 860-880.

Ics-cert.us-cert.gov. (2016). Overview of Cyber Vulnerabilities | ICS-CERT. Ics-cert.us-cert.gov. Retrieved 19 March 2016, from https://ics-cert.us-cert.gov/content/overview-cyber-vulnerabilities

Kaspersky.com. (2016). Retrieved 19 March 2016, from https://media.kaspersky.com/en/business-security/critical-infrastructure-protection/Cyber_A4_Leaflet_eng_web.pdf

Peng, Y., Jiang, C., Xie, F., Dai, Z., Xiong, Q., & Gao, Y. (2012). Industrial control system cybersecurity research. Journal of Tsinghua University Science and Technology, 52(10), 1396-1408.

Reaves, B., & Morris, T. (2012). An open virtual testbed for industrial control system security research. International Journal of Information Security, 11(4), 215-229.

Reissman, L. (2014). Pureland Cyber Security Assessment.

Rooijakkers, M., & Sadiq, A. A. (2015). Critical infrastructure, terrorism, and the Chemical Facility Anti-Terrorism Standards: the need for collaboration. International Journal of Critical Infrastructures, 11(2), 167-182.

Sadiq, A. A., & McCreight, R. (2013). Assessing the Chemical Facility Anti-Terrorism Standards after 5 years: achievements, challenges, and risks ahead. Journal of Homeland Security and Emergency Management, 10(1), 387-404.